In this book you will learn how to build multiple web APIs of increasing complexity using Django and Django REST Framework. Django is a very popular Python-based web framework that handles the challenging parts of building a website: authentication, connecting to a database, logic, security, and so on. There are also thousands of third-party packages that add functionality to Django itself, the most prominent of which is Django REST Framework, which allows developers to transform any existing Django project into a powerful web API.

Django and Django REST Framework are used by the largest tech companies in the world, including Instagram, Mozilla, and Pinterest. But they are also well-suited to beginners or weekend side projects because Django’s “batteries-included” approach masks much of the underlying complexity, allowing for rapid and secure development. By the end of this book you will be able to create production-ready web APIs with a small amount of code in an even smaller amount of time.

Why APIs

An API (Application Programming Interface) is a shorthand way to describe how two computers communicate directly with one another. For web APIs, which exist on the World Wide Web, the dominant architectural pattern is known as REST (REpresentational State Transfer) and will be covered properly later on in this book.

Back in 2005, when Django was first released, most websites consisted of one large monolithic codebase. The back-end of database models, views, and URLs was combined with front-end templates to control the presentational layer of each web page.

But these days it is far more common for websites to adopt an API-first approach of formally separating the back-end from the front-end. This allows a website to use a dedicated JavaScript front-end framework, such as React or Vue, which were released in 2013 and 2014 respectively. When the current front-end frameworks are eventually replaced by even newer ones in the years to come, the back-end API can remain the same. No major rewrite is required.

Another major benefit is that one single API can support multiple front-ends written in different languages and frameworks. Consider that JavaScript is used for web front-ends, while Android apps require the Java programming language, and iOS apps need the Swift programming language. With a traditional monolithic approach, a Django website cannot support these various front-ends. But with an internal API, all three can communicate with the same underlying database back-end!

Growing websites can also benefit from creating an external API that allows third-party developers to build their own iOS or Android apps. When I worked at Quizlet back in 2010 we did not have the resources to develop our own iOS or Android apps, but we did have an external API available that more than 30 developers used to create their own flashcard apps powered by the Quizlet database. Several of these apps were downloaded over a million times, enriching the developers and increasing the reach of Quizlet at the same time.

The major downside to an API-first approach is that it requires more configuration than a traditional Django application. However, as we will see in this book, the fantastic Django REST Framework library removes much of that complexity for us.

Django REST Framework

There are thousands of third-party apps available that add further functionality to Django. You can see a complete, searchable list over at Django Packages, as well as a curated list in the awesome-django repo. However, amongst all third-party applications, Django REST Framework is arguably the killer app for Django. It is mature, full of features, customizable, testable, and extremely well-documented. It also purposefully mimics many of Django’s traditional conventions, which makes learning it much faster. If you already know Django, then learning Django REST Framework is the logical next step.


If you’re brand new to web development with Django, I recommend starting with my book Django for Beginners. The first several chapters are available for free online and cover proper set up, a Hello World app, a Pages app, and a Message Board app. The full-length version goes deeper and covers a Blog website with forms and user accounts as well as a production-ready Newspaper site that features a custom user model, complete user authentication flow, emails, permissions, deployment, environment variables, and more.

This background in traditional Django is important since Django REST Framework deliberately mimics many Django conventions. It is also recommended that readers have a basic knowledge of Python itself. Truly mastering Python takes years, but with just a little bit of knowledge you can dive right in and start building things.

Why this book

I wrote this book because there is a distinct lack of good resources available for developers new to Django REST Framework. The assumption seems to be that everyone already knows all about APIs, HTTP, REST, and the like. My own journey in learning how to build web APIs was frustrating… and I already knew Django well enough to write a book on it! This book is the guide I wish existed when starting out with Django REST Framework.

Chapter 1 covers the initial set up of installing Python, Django, Git, and working with the command line. Chapter 2 is an introduction to web APIs and the HTTP protocol that underpins it all. In Chapters 3-4 we review the differences between traditional Django and Django REST Framework by building out a Library book website, transforming it into an API, adding tests, and then deploying it live. In Chapter 5 we build, test, and deploy a Todo API with list and detail API endpoints. It also includes Cross Origin Resource Sharing (CORS).

Chapter 6 is the start of making a production-ready Blog API that uses a custom user model and full Create-Read-Update-Delete (CRUD) functionality. Chapter 7 focuses on permissions, how to limit access appropriately, and creating a custom permission class. In Chapter 8 the focus turns to user authentication and the four built-in authentication methods. Then we add endpoints for user registration, log out, password reset, and password reset confirmed. Chapter 9 turns to viewsets and routers, built-in components that can greatly reduce the amount of coding required for standard API endpoints. Chapter 10 covers schema and documentation and Chapter 11 goes step-by-step through a production deployment.

Complete source code for all chapters can be found online on GitHub.


Django and Django REST Framework are a powerful and accessible way to build web APIs. By the end of this book you will be able to add APIs to any existing Django project or build your own dedicated web API from scratch, properly using modern best practices. Let’s begin!

Continue on to Chapter 1: Web APIs.